Gearbest hacked

Usernames and passwords (which were all stored unencrypted) have been publicly leaked

You didn't fall for the chink shopping meme, did you?

>A vulnerability in the GearBest app has been exploited to retrieve the user information.

>Several people have commented testifying to the list’s authenticity.

>One person says they’ve been able to log into more than 20 accounts with some of the details found there, while another says an item was bought through their account without their knowledge.

>GearBest app

Never used that

I did. Bought a cable. It never arrived.

unique password so I'm good. if competent they'll reset pws that were leaked.

>if competent
1. They're chinks
2. They didn't even use hashing and salting
3. They're fucking chinks

Seriously, fuck, need to change all my passwords now (since I use the same for everything).

I assumed every site in the universe only kept hashes these days.

> tfw aliexpress master race

Anyone have tips on 'algorithmic' passwords?

I suppose I could just append the first letter of the site's name to a common password, but is there anything more robust that's easy to remember and type in (muscle memory considered)?

You should have 3 tiers of passwords if you don't want to memorize too many
1. unimportant shit or sites which you can't fully trust
2. mildly important
3. Very important (E-Mail, PayPal, etc.)

>"""""hacked"""""
>implying they didn't sell it
you all niggas got CHINKED

>unencrypted
>usernames and passwords
Why are women allowed to write about technology?

i'd say email address is tier 4 and should have a unique password that is only used for it

I only log in using my google account. I never created a gearbest account. Am I fine ? Should I go full password reset errywhere ?

i'd say that's bullshit and you should have a strong and unique password for every site no matter how "trustworthy" or "important"
if you don't, you deserve to get hacked and your details stolen

Luckily I use different passwords for everything. For example my gearbest password is gearbest123, how can they possibly know that my gmail password is gmail123, or that my paypal password is paypal123? Checkmate chinks

hacking your paypal rn scrub, say bye to all your moneys

they deserve it for buying chinkshit

>Gearbest
Literally who

>bought from banggood and aliexpress but stayed away from gearbest as heard too many horror stories.
>my mail
>ctrl-f gearbest
>0 results

Implying AliExpress is less likely to get you chinked

you say that but how do you remember a million passwords for different websites

storing them all inside a truecrypt container i mount everytime i need a password cus fuck password managers

>not using unique passwords for anything important

NP. I use a unique password for every website.

If passwords were stored unencrypted then why is only the app affected?

>2. They didn't even use hashing and salting

>150
Yeah, it's nothing.

>being this dumb
>making assumptions about security WITH CHINKS

>"app"
>using your phone for shopping
They deserved it.

Jack ma saves us again

And that's why you use throw away emails and prepaid Visa gift cards when dealing with shady businesses.

but my gearbest uses the same email and password as my paypal and email address and my bank hasnt notified me that anything is wrong yet. I think youre full of shit

>but my gearbest uses the same email and password as my paypal and email address

150 users. Thank you for killing a thread.

>implying it didnt need to be killed in the first place
why do you autists get so shitty about muh old and dead threads

>think damage control

Better get LifeLock NOW buddy hahahahaha

pastebin.com/16d9CPZW Is this it?

Someone answer this one please.

>hashing and salting

as long as you didn't use sha256 or other dumb hashing algorithms
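
What "hashing and salting" changes in a leaked table, as an added example that is not part of the thread and not GearBest's code: the same password stored under unsalted SHA-256 and under salted scrypt. The user names, passwords, function names and record format are constructed for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost settings for the example; n is kept modest so it runs quickly.
SCRYPT = {"n": 2**14, "r": 8, "p": 1}
MAXMEM = 64 * 1024 * 1024

def sha256_record(password):
    """Unsalted fast hash: equal passwords always give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()

def scrypt_record(password):
    """Salted, memory-hard hash; the record carries its own parameters and salt."""
    salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.scrypt(password.encode(), salt=salt, maxmem=MAXMEM,
                            dklen=32, **SCRYPT)
    return "scrypt${n}${r}${p}$".format(**SCRYPT) + salt.hex() + "$" + digest.hex()

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False
    n, r, p = (int(x) for x in parts[1:4])
    salt, expected = bytes.fromhex(parts[4]), bytes.fromhex(parts[5])
    got = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                         maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(got, expected)

def build_tables(users):
    """Return the same user list as it would look in each storage scheme."""
    return {
        "plaintext": dict(users),
        "sha256": {u: sha256_record(pw) for u, pw in users.items()},
        "scrypt": {u: scrypt_record(pw) for u, pw in users.items()},
    }

# Constructed sample accounts: two users who picked the same password.
SAMPLE_USERS = {"alice@example.com": "gearbest123", "bob@example.com": "gearbest123"}

if __name__ == "__main__":
    for scheme, table in build_tables(SAMPLE_USERS).items():
        same = len(set(table.values())) == 1
        print(f"{scheme:9} identical records for identical passwords: {same}")
```

With the unsalted hash, one cracked or precomputed value exposes every account that shares it; with a per-record salt and a slow KDF each record has to be attacked separately.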

>the last time i tried to log into my paypal with a proxy still enabled i was locked out of my account for 4 years
never again. luckily i know paypal would have my back in the rare case of someone gaining access to my account but christ those were 4 miserable years without access to internet money.

That's why I believe crypto will win eventually.

Whatever, unique throwaway passwords
Plus when I report the cc fraud I'll get another month of prime and year of aws. This is a win

Why would you not purchase those gift debit cards from supermarkets to buy chink shit? You trust them with your real details? No

There are a fuckton of leaks from every company pretty much.

Fake and gay

create a script which uses a static salt (very long and complex), put through a KDF with a lot of iterations and parallelism (argon2 or scrypt) and stretch the output bytes to 4096, convert it from hex to bin, filter the binary output using your ASCII keyspace (ex. tr -cd [:graph:]), then trim it to a fixed length of 16 or whatever.. You can literally do this in a one liner and save it. You can just plug in a relatively easy to remember password, it will take about 3-5 seconds and shit out a really good password. Assuming they even have access to your salt, you can NOT brute force using a KDF that takes 3-5 seconds to complete. It will never complete. Doesn't matter what hardware they run it on. It just won't happen.
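
The scheme described in the post above, as an added example that is not the poster's script: a static salt, scrypt stretched to 4096 bytes, the output filtered to the `[:graph:]` character set and trimmed to 16. The `site` label, the `counter` and the sample salt are assumptions added here so the same master password gives a different result per site and can be rotated after a leak.

```python
import hashlib

# Constructed sample salt for the example; a real one is long, random and kept private.
EXAMPLE_SALT = b"constructed-static-salt-for-illustration-only"

def derive_password(master, site, salt, counter=1, length=16, n=2**14, r=8, p=1):
    """Derive a per-site password from one memorised master password.

    `site` and `counter` are assumptions added for this example: the site label
    makes every site's output different, and bumping the counter rotates one
    site's password after that site leaks, without changing the master.
    """
    if not master or not salt:
        raise ValueError("master password and salt are required")
    site_b = site.strip().lower().encode()
    # Length-prefix the label so the boundary between salt, site and counter is unambiguous.
    kdf_salt = salt + len(site_b).to_bytes(2, "big") + site_b + counter.to_bytes(4, "big")
    # Memory-hard KDF stretched to 4096 bytes. n=2**14 keeps the example fast;
    # raise n (and maxmem with it) until one derivation costs seconds.
    stream = hashlib.scrypt(master.encode(), salt=kdf_salt, n=n, r=r, p=p,
                            maxmem=64 * 1024 * 1024, dklen=4096)
    # Equivalent of `tr -cd [:graph:]`: keep printable, non-space ASCII only.
    # Dropping bytes (instead of taking them modulo 94) keeps the output unbiased.
    chars = [chr(b) for b in stream if 0x21 <= b <= 0x7E]
    if len(chars) < length:
        raise ValueError("KDF output too short for requested length")
    return "".join(chars[:length])

if __name__ == "__main__":
    for label in ("gearbest", "paypal"):
        print(label, derive_password("correct horse", label, EXAMPLE_SALT))
```

The output is only as strong as the master password and the KDF cost, and a site with its own character rules may reject some of the punctuation this produces.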

It doesn't matter. They used the app to exploit a vulnerability in their servers.

Nope. Can't log in to gearbest with any of the first 5.

how did they steal the passwords? isnt that shit encrypted

>trusting flavor of the month chink sites.

Reminder that having autistic-tier passwords is of absolutely no use in improving security if the site you use them on gets BTFO. Better to just have a long human-readable password that you can remember

Sucks to be you. Your Google account is now compromised too

Never use Google login for third party sites you don't trust

How is a password manager generated password bad?

if one of them gets BTFO the only thing that's relevant is whether or not you've reused it. people with shitty one word passwords will have most likely used it in other places too.

how about the fact you can't actually remember your logins and are now completely reliant on the password manager?

>how about the fact you can't actually remember your logins and are now completely reliant on the password manager?
why is this bad? i keep online and offline backups of my keepass file and have the password to it memorized.

If you log in using Google, FB, Twitter or any of that shit the API from those services is communicating with Gearbest. You're probably in a db table somewhere with a unique identifier, but as long as you're inputting your password in a Google form, your password should be safe

just append the site/company initials.

eg.
mid tier password used for buying shit online : azNpr!d3
company/site : aliexpress
final password : azNpr!d3ae
company/site : gearbest
final password : azNpr!d3gb

we went thru this a few /fucko/ threads ago. lurk moar bitch

i don't know man, i couldn't stand the idea of my shit being stored somewhere i may not be able to access or not knowing my passwords in general. you do what works for you.

this is way too obvious. shift the letters a certain number of times in the alphabet at least.

Bought from them before. Believe I never stored the card info for later use, since I would never trust stinky chinky. Either way, anybody have a way I can check?

They probably still stored your card info somewhere. You fucked up.

also, aliexpress = ae, gearbest = gb, google = gg? ge? go? gi for google inc? how the fuck are you gonna manage consistency with this retarded scheme

Probably better not to have consistency.

it's a simple barebone example for fucks sake, create your own methodology unless you want me to help you create all your passwords and take over your life. personally i just use the site name, like "he11ow0r!d_GIT~HUB".

fucken redditfag stop asking to be spoonfed

>claims retarded scheme
>actually most recommended password scheme on Sup Forums
Yeah mister wise guy. Tell us YOUR smart idea of a password algo then

are you serious? you're gonna have "ts" for twitter (s for social) and "ym" for yahoo (M for Marissa)? you don't see the problem here?

i've already mentioned all i use for my algo. it always uses the same two letters from the url but they are shifted several times independently of one another. i use the same method, just explaining why the example given here is shit.

>gets flaws pointed out in trivial example
>HURRR REDDIT ASKING TO BE SPOONFED
ok

>"he11ow0r!d_GIT~HUB"
i hope you realise how retarded this is. guess i'll go do some xmas shopping with "he11ow0r!d_AMA~ZON"